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Abstract 



In this paper we investigate the theoretical foundation of a new bott om-up semanti cs for 
hnear logic programs, and mor e precisely for the fragment of LinLog ( Andreoli, 1992 ) that 
consists of the language LO (Andreoli fc Pareschi, 1991) enriched with the constant 1. 



We use constraints to symbolically and finitely represent possibly infinite collections of 
provable goals. We define a fixpoint semantics based on a new operator in the style of 
Tp working over constraints. An application of the fixpoint operator can be computed 
algorithmically. As sufficient conditions for termination, we show that the fixpoint compu- 
tation is guaranteed to converge for propositional LO. To our knowledge, this is the first 
attempt to define an effective fixpoint semantics for linear logic programs. As an appli- 
cation of our framework, we also present a formal investigati on of the relations between 
LO and Disjunctive Logic Programming (Minker et ah, 1991). Using an approach based 
on abstract interpretation, we show that DLP fixpoint semantics can be viewed as an 
abstraction of our semantics for LO. We prove that the resulting ab straction is correct 
and complete (Cousot & Cousot, 1977; Giacobazzi & Ranzato, 1997) for an interesting 



class of LO programs encoding Petri Nets. 



1 Introduction 



In recent years a number of fragments of linear logic ( Girard, 1987 ) have been 
proposed as a logical foimdation for extensions of logic programming ( Miller, 1995| ). 
Several new programming languages like LO (Andreoli & Pareschi, 1991), LinLog 
( [Andreoli, 199^), ACL (|Kobayashi fc Yonezawa, 1995| ), LoUi ( |Hodas fc Miller, 1994| ), 
and Lygon (Harland & Pym, 1994) have been proposed with the aim of enriching 



traditional logic programming languages like Prolog with a well-founded notion of 
state and with aspects of concurrency. The operational semantics of this class of 
languages is given via a sequent-calculi presentation of the corresponding fragment 



of linear logic. Special classes of proofs like the focusing proofs of (Andreoli, 1992) 



and the uniform proofs of (Miller, 1996) allow us to restrict our attention to cut- 
free, goal-driven proof systems that are complete with respect to provability in 
linear logic. These presentations of linear logic are the natural counterpart of the 
traditional top-down operational semantics of logic programs. 

In this paper we investigate an alternative operational semantics for the fragment 
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of linear logic underlying the language LO (Andreoli & Pareschi, 1991), and its 
proper extension with the constant 1. Both languages can be seen as fragments of 
LinLog (Andreoli, 1992), which is a presentation of full linear logic. Throughout the 
paper, we will simply refer to these two fragments as LO and LOi. The reason we 
selected these fragments is that we were looking for a relatively simple linear logic 
language with a uniform-proof presentation, state-based computations and aspects 
of concurrency. Considering both LO and its extension with the constant 1 will help 
us to formally classify the different expressive power of linear logic connectives like 
& , T, and 1 when incorporated into a logic programming setting. In practice, 
LO has been successfully applied to model concurrent object-oriented languages 
( Andreoli fc Pareschi, 1991 ), and multi-agent coordination languages based on the 
Linda model ( Andreoli, 1996| ). 

The operational semantics we propose consists of a goal-independent bottom-up 
evaluation of programs. Specifically, given an LO program P our aim is to com- 
pute a finite representation of the set of goals that are provable from P. There are 



several reasons to look at this problem. First of all, as discussed in ( Harland fc 



Winikoff, 1998), the bottom- up evaluation of programs is the key ingredient for all 
applications where it is difhcult or impossible to specify a given goal in advance. 
Examples are active (constraint) databases, agent-based systems and genetic al- 
gorithms. Recent results connecting verification techniques and semantics of logic 
programs ( Delzanno fc Podelski, 1999| ) show that bottom-up evaluation can be used 
to automatically check properties (specified in temporal logic like CTL) of the orig- 
inal program. In this paper will go further showing that the provability relation 
in logic programming languages like LO can be used to naturally express verifica- 
tion problems for Petri Nets-like models of concurrent systems. Finally, a formal 
definition of the bottom-up semantics can be useful for studying equivalence, com- 



positionality and abstract interpretation, as for traditional logic programs ( Bossi 
et al., 1994 [GabbrieUi et al, 1995| ). 

Technically, our contributions are as follows. We first consider a formulation of 
LO with ^, -o, fc and T. Following the semantic framework of (constraint) logic 
programmmg ( iGabbrieUi et al, 1995| ; |jaffar fc Maher, 1994| ), we formulate the 
bottom-up evaluation procedure in two steps. We first define what one could call 
a ground semantics via a Gxpoint operator Tp defined over an extended notion 
of Herbrand interpretation consisting of multisets of atomic formulas. This way, 
we capture the uniformity of LO-provability, according to which compound goals 
must be completely decomposed into atomic goals before program clauses can be 
applied. Due to the structure of the LO proof system, already in the propositional 
case there are infinitely many provable multisets of atomic formulas. In fact, LO- 
provability enjoys the following property. If a multiset of goals A is provable in P, 
then any A' such that A is a sub- multiset of A' is provable in P. To circumvent this 
problem, we order the interpretations according to the multiset inclusion relation 
of their elements and we define a new operator Sp that computes only the minimal 
(w.r.t. multiset inclusion) provable multisets. Dickson's Lemma (Dickson, 1913) 
ensures the termination of the fixpoint computation based on Sp for propositional 
LO programs. Interestingly, this result is an instance of the general decidability 
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results for model checking of infinite-state systems given in (AbduUa et aL, 1996 



Finkel fc Schnoebclcn, 2001) 



The decidability of prepositional provability shows that LO is not as interest- 
ing as one could expect from a state-oriented extension of the logic programming 
paradigm. Specifically, LO does not provide a natural way to count resources. This 
feature can be introduced by a slight extension of LO in which we add unit clauses 
defined via the constant 1. The resulting language, namely LOi , can be viewed 
as a first step towards more complex languages based on linear logic like LinLog 



(Andreoli, 1992). As we show in this paper, LOi allows to model more sophisti- 
cated models of concurrent systems than LO, e.g., in LOi it is possible to model 
Petri Nets with transfer arcs. Adding the constant 1 breaks down the decidability 
of provability in propositional LO. Despite this negative result, it is still possible 
to define an effective Sj, operator for LOi . For this purpose, as symbolic repre- 
sentation of potentially infinite sets of contexts, we choose a special class of linear 
constraints defined over variables that count resources. This abstract domain gen- 
eralizes the domain used for LO: the latter can be represented as the subclass of 
constraints with no equalities. Though for the new operator we cannot guarantee 
that the fixpoint can be reached after finitely many steps, this connection allows 
us to apply techniques developed in model checking for infinite-state systems (see 



e.g. (iBuhan et aL, 1997 



Delzanno fc Podelski, 1999; Henzinger et ah, 1997)) and 



abstract interpretation (Cousot & Halbwachs, 1978) to compute approximations of 
the fixpoint of Sp. 

In this paper we limit ourselves to the study of the propositional case that, as 



shown in ( Andreoli et al, 1997 ), can be viewed as the target of a possible abstract 
interpretation of a first-order program. To our knowledge, this is the first attempt 
of defining an effective fixpoint semantics for linear logic programs. 

Our semantic framework can also be used as a tool to compare the relative 
strength of different logic programming extensions. As an application, we shall 
present a detailed comparison between LO and Disjunctive Logic Programming 
(DLP). Though DLP has been introduced in order to represent 'uncertain' beliefs, 
a closer look at its formal definition reveals very interesting connections with the 
paradigm of linear logic programming: both DLP and LO programs extend Horn 
programs allowing clauses with multiple heads. In fact, in DLP we find clauses of 
the form 

p(X)Vg(X)^r(X)Ai(X), 
whereas in LO we find clauses of the form 

p{X) ^qiX) o- r{X)kt{X)- 

To understand the differences, we must look at the operational semantics of DLP 
programs. In DLP, a resolution step is extended so as to work over positive clauses 
(sets/ disjunctions of facts). Implicit contraction steps are applied over the selected 
clause. On the contrary, being in a sub-structural logic in which contraction is for- 
bidden, we know that LO resolution behaves as multiset rewriting. Following the 
bottom-up approach that we pursue in this paper, we will exploit the classical frame- 
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work of abstract interpretation to formally compare the two languages. Technically, 
we first specialize our fixpoint semantics to a flat fragment of propositional LO (i.e., 
arbitrary nesting of connectives in goals is forbidden) which directly corresponds to 



DLP as defined in (Minker et al., 1991). Then, by using an abstract-interpretation- 
based approach, we exhibit a Galois connection between the semantic domains of 
DLP and LO, and we show that the semantics of DLP programs can be described 
as an abstraction of the semantics of LO programs. Using the theory of abstract 
interpretation and the concept of complete abstraction ( [Cousot fc Cousot, 1977; 



[Giacobazzi fc Ranzato, 1997 ) we discuss the quality of the resulting abstraction. 
This view of DLP as an abstraction of LO is appealing for several reasons. First of 
all, it opens the possibility of using techniques developed for DLP for the analysis 
of LO programs. Furthermore, it shows that the paradigm of DLP could have un- 
expected applications as a framework to reason about properties of Petri Nets, a 
well-know formalism for concurrent computations (Karp fc Miller, 1969). In fact. 



as we will prove formally in the paper, DLP represents a complete abstract domain 
for LO programs that encode Petri Nets. 

Plan of the paper. After introducing some notations in Section ^, in Section ^ 
we recall the main features of LO (Andreoli & Pareschi, 1991). In Section ^ we 
introduce the so-called ground semantics, via the Tp operator, and prove that the 
least fixpoint of Tp characterizes the operational semantics of an LO program. 
In Section ^ we reformulate LO semantics by means of the symbolic Sp operator, 
and we relate it to Tp. In Section ^ we consider an extended fragment of LO 
with the constant 1, extending the notion of satisfiability given in Section |4| and 
introducing an operator Tp. In Section ^ we introduce a symbolic operator Sj, for 
the extended fragment, and we discuss its algorithmic implementation in Section 
^. As an application of our framework, in Section ^ and Section |l^ we investigate 
the relations between LO and DLP, and in Section ll| we investigate the relations 
with Petri Nets. Finally, in Section |l^ and Section |l3| we discuss related works and 
conclusions. 



et al. 



This paper is an extended version of the papers (Bozzano et al., 2000a; Bozzano 
2000bD . 



2 Preliminaries 

In this paper we will extensively use operations on multisets. We will consider a fixed 
signature, i.e a finite set of propositional symbols, S = {oi, . . . , a„}. Multisets over 
S will be hereafter called facts, and symbolically noted as A,B,C, .... A multiset 
with (possibly duplicated) elements G E will be simply indicated as 

{&i, . . . , 6m}, overloading the usual notation for sets. 

A fact A is uniquely determined by a finite map Occ : E — > N such that Occj{{ai) 
is the number of occurrences of in A. Facts are ordered according to the multiset 
inclusion relation ^ defined as follows: A ^ B if and only if OccA{a,i) < Occe(ai) 
for i : 1, . . . , 71. The empty multiset is denoted e and is such that Occ^{ai) = 
for j : 1, . . . , and e =^ ^ for any A. The multiset union A,B (alternatively 
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A + B when ',' is ambiguous) of two facts A and B is such that OcCj\^B{0'i) = 
Occ^(ai) + Occs{ai) for i : The multiset difFerence ^ \ i3 is such that 

Occ_4\g(ai) — max{0, Occ_A{ai) — Occts{ai)) for i : l,...,n. We define a special 
operation • to compute the least upper bound of two facts with respect to =<;. 
Namely, A* B is such that Occ^,B(ai) — max{Occj,{ai), Occs{ai)) for i : 1, . . . , n. 
Finally, we will use the notation where n is a natural number, to indicate 
A + . . . + A (n times). 

In the rest of the paper we will use A, O, . . . to denote multisets of possibly 
compound formulas. Given two multisets A and O, A ^ 6 indicates multiset in- 
clusion and A, Q multiset union, as before, and A, {G} is written simply A, G. In 
the following, a context will denote a multiset of goal-formulas (a fact is a context 
in which every formula is atomic). Given a linear disjunction of atomic formulas 

= «! ^ . . . ^ a„ , we introduce the notation H to denote the multiset ai , . . . , a„ . 

Finally, let T : X ^ Z be an operator defined over a complete lattice (Z, We 
define Tto= 0, where is the bottom element, T]k+i= T{T]k) for all > 0, and 
T\uj= Ua^Lo ^Tfc, where |J is the least upper bound w.r.t. C. Furthermore, we use 
lfp{ T) to denote the least fixpoint of T. 



3 The Programming Language LO 



LO (Andrcoli & Parcschi, 1991) is a logic programming language based on linear 
logic. Its mathematical foundations lie on a proof-theoretical presentation of a frag- 
ment of linear logic defined over the linear connectives o- {linear implication), & 
(additive conjunction), '^{multiplicative disjunction), and the constant T (additive 
identity). In the propositional case LO consists of the following class of formulas: 



D Ai 2^ . . . ^ A„ G | D & D 

G::=G^G|G&G|A|T 
Here Ai, . . . , A„ and A range over propositional symbols from a fixed signature 
E. G-formulas correspond to goals to be evaluated in a given program. D-formulas 
correspond to multiple-headed program clauses. An LO program is a D-formula. 
Let P be the program Ci & ... & C„ . The execution of a multiset of G-formulas 
Gi, . . . , Gk in P corresponds to a goal-driven proof for the two-sided LO-sequent 

P^Gi,...,Gk- 

The LO-sequent P => Gi, . . . , Gk is an abbreviation for the following two-sided 
linear logic sequent: 

! Ci ,...,! C„ Gi, . . . , Gk- 
The formula !F on the left-hand side of a sequent indicates that F can be used in a 
proof an arbitrary number of times. This implies that an LO-Program can be viewed 
also as a set of reusable clauses. According to this view, the operational semantics 
of LO is given via the uniform (goal-driven) proof system defined in Figure |l]. In 
Figure ||, P is a set of implicational clauses, A denotes a multiset of atomic formulas, 
whereas A denotes a multiset of G-formulas. A sequent is provable if all branches 
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T r "^r 



P^ G,A 



P ^ GihG2,A 
be {H G e P) 



P^ H + A 
Fig. 1. A proof system for LO 



of its proof tree terminate with instances of the axiom. The proof system of 
Figure ^ is a speciahzation of more general uniform proof systems for hnear logic 
like Andreoli's focusing proofs ( Andrcoli, 1992| ), and Forum ( Miller, 1996| ). The 



rule be denotes a backchaining (resolution) step {H is the multiset consisting of the 
literals in the disjunction H, see Section Note that be can be executed only if 
the right-hand side of the current LO sequent consists of atomic formulas. Thus, 
LO clauses behave like multiset rewriting rules. LO clauses having the following 
form 

oi ^ . . . ^ a„ T 

play the same role as the unit clauses of Horn programs. In fact, a backchaining 
step over such a clause leads to suecess independently of the current context A, as 
shown in the following scheme: 



P T,A 

be 



P ^ ai, . . . , an,A 
provided ai . . . a„ o— T G P 

This observation leads us to the following property (we recall that =<; is the sub- 
multiset relation). 



Proposition 1 

Given an LO program P and two contexts A, A' such that A =<; A', if P ^ A then 
P => A'. 



Proof 

By simple induction on the structure of LO proofs. □ 



This property is the key point in our analysis of the operational behavior of LO. 
It states that the weakening rule is admissible in LO. Thus, LO can be viewed as 
an afEne fragment of linear logic. Note that weakening and contraction are both 
admissible on the left hand side (i.e. on the program part) of LO sequents. 



Example 1 
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T. 

e,T 

bc(^'> T, 

P ^ T 

P ^ d'^e,c P ^ f,c 

P ^ (d 2§e)&/, c 
P^ b,c 



P^ b'^c 
P e, e 

Fig. 2. An LO proof for the goal e, e in the program of Example |l| 

Let P be the LO program consisting of the clauses 

1 • a 6 ^ c 



c'^d^T 
e ^ e 6 ^ c 

and consider an initial goal e, e. A proof for this goal is shown in Figure ^ where we 
have denoted by ftc^*' the application of the backchaining rule over clause number i 
of P. The proof proceeds as follows. Using clause 4., to prove e, e we have to prove 
6 c, which, by LO rule, reduces to prove 6, c. At this point we can backchain 
over clause 2., and we get the new goal (d e) &/, c. By applying & r rule, we 
get two separate goals d ^ e, c and /, c. The first, after a reduction via rule, 
is provable by means of clause (axiom) 3., while the latter is provable directly by 
clause (axiom) 5. Note that T succeeds in a non-empty context (i.e. containing e) 
in the left branch. A similar proof shows that the goal a is also provable from P. 
By Proposition ^ provability of e, e and a implies provability of any multiset of 
goals e, e, A and a, A, for every context A. □ 

We conclude this Section with the definition of the following induction measure 
on LO goals, which we will later need in proofs. 

Definition 3.1 

Given a goal G, the induction measure m{G) is defined according to the following 
rules: m{A) — for every atomic formula A; m(T) = 0; m{Gi & G2) — m{Gi ^ 
G2) = m{Gi) + m{G2) + 1. The induction measure extends to contexts by defining 
m(Gi, . . . , Gn) = m{Gi) + ... + m{Gn). 



4 A Bottom-up Semantics for LO 

The proof-theoretical semantics of LO corresponds to the top-down operational se- 
mantics based on resolution for traditional logic programming languages like Pro- 
log. Formally, we define the operational top-down semantics of an LO program P 
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as follows: 

0{P) = {A \ A is a fact and P ^ A is provable} 

Note that the information on provable facts from a given program P is all we need 
to decide whether a general goal (with possible nesting of connectives) is provable 
from P or not. This is a consequence of the focusing property ( Andreoli, 1992| ) of 



LO provability, which ensures that provability of a compound goal can always be 
reduced to provability of a finite set of atomic multisets. In a similar way, in Prolog 
the standard bottom-up semantics is defined as a set of atoms, while in general 
conjunctions of atoms are allowed in clause bodies. 

In this paper we are interested in finding a suitable definition of bottom-up 
semantics that can be used as an alternative operational semantics for LO. More 
precisely, given an LO program P we would like to define a procedure to compute 
all goal formulas G such that G is provable from P. This procedure should enjoy 
the usual properties of classical bottom-up semantics, in particular its definition 
should be based on an effective fixpoint operator (i.e. at least every single step 
must be finitely computable), and it should be goal-independent. As usual, goal 
independence is achieved by searching for proofs starting from the axioms (the 
unit clauses of Section ||) and accumulating goals which can be proved by applying 
program clauses to the current interpretation. As for the operational semantics, 
we can limit ourselves to goal formulas consisting of multisets of atomic formulas, 
without any loss of generality. In the rest of the paper we will always consider 
propositional LO programs defined over a Gnite set of propositional symbols S. We 
give the following definitions. 

Definition 4-1 {Herhrand base Bp) 

Given a propositional LO program P defined over E, the Herbrand base of P, 
denoted Bp, is given by 

Bp = {A I ^ is a multiset (fact) over S}- 
Definition (Herbrand interpretation) 

We say that / C Bp is a Herbrand interpretation. Herbrand interpretations form a 
complete lattice (V, C) with respect to set inclusion, where V = V{Bp). 

Before introducing the formal definition of the ground bottom-up semantics, we 
need to define a notion of satisfiability of a context A in a given interpretation /. 
For this purpose, we introduce the judgment / ^ A[^] . The need for this judgment. 



with respect to the familiar logic programming setting ( Gabbrielli et al, 1995 ), is 
motivated by the arbitrary nesting of connectives in LO clause bodies, which is not 
allowed in traditional presentations of (constraint) logic programs. In / |= A[^], 
A should be read as an output fact such that ^ + A is valid in /. This notion of 
satisfiability is modeled according to the right-introduction rules of the connectives. 
The notion of output fact A will simplify the presentation of the algorithmic version 
of the judgment which we will present in Section ^. 

Definition 4-3 {Satisfiability) 
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Let / be a Herbrand interpretation, then \= is defined as follows: 

/ h T, A[^'] for any fact A'; 

I h A[A'] if ^ + ^' e /; 

/ h Gi ^G2,A[y^] if / h Gi,G2,A[A]; 

/ h Gi & G2, A[A] if / h Gi,A[A] and / h G2, A[^]- 
The relation |= satisfies the following properties. 
Lemma 1 

For any interpretations /, J, context A, and fact A, 

i) / h A[A] if and only if I ^ A,A[e]; 

ii) if / C J and / h A[^] then J ^ A[^]; 

iii) given a chain of interpretations /i C /2 C 
exists k s.t. Ik \= A[^]. 

Proof 

The proof of i) and ii) is by simple induction. The proof of iii) is by (complete) 
induction on m(A) (see Definition 

- If A = T, A', then, no matter which k you choose, Ik \= T, A'[^]; 

- if A is a fact, then [J°^i Ii |= A[^] means A,^ G Ui^i which in turn 
implies that there exists k such that A,A ^ h, therefore Ik \= A[^]; 

- if A = Gi & 6*2, A', then by inductive hypothesis there exist ki and fc2 s.t. 
Iki h Gi,A'[A] and 4^ ^ G2, A'[^]. Therefore, if A; = max{ki, fc2}, by ii) we 
have that 4 h Gi, A'[yl] and 4 h G2, A'[yl], therefore 4 ^ Gi & G2, A'[^], 
i.e. 4 1= A[^] as required; 

- the ^case follows by a straightforward application of the inductive hypothe- 
sis. 

□ 

We now come to the definition of the fixpoint operator Tp. 
Definition 4-4 {Fixpoint operator Tp) 

Given a program P and an interpretation /, the operator Tp is defined as follows: 

Tp{I) = {H + A\ H^GeP, / h G[A]}- 
The following property holds. 
Proposition 2 

For every program P, Tp is monotonic and continuous over the lattice (P, C). 
Proof 

Monotonicity. Immediate from Tp definition and Lemma ^ ii). 
Continuity. We prove that Tp is finitary. Namely, given an increasing chain of 
interpretations 4 C 4 C . . ., Tp is finitary if Tp(U^i4) C IJ^^ Tp(4). We 
simply need to show that if 7p(Ui^i-^i) H A[e] then there exists k such that 
Tp{Ik) \= A[e]). The proof is by induction on m(A). 



• • if U^i h h A[A] then there 
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If A = T, A', then, no matter which k you choose, Tp{Ik) ^ T, A'[e]; 

if A is a fact and A e 7^p(Ui^i -^i): then, by definition of Tp, there exist 

a fact A and a clause ^ . . . % ^„ G e P, such that IJ^^ k h ^[-^1 

and A = j4i, . . . , j4„, A. Lemma ^ iii) impUes that 3k ■ Ik \= G[A\, therefore, 

again by definition of Tp, Tp{Ik) \= Ai,..., ^„,^[e], i.e. Tp{Ik) \= A[e] as 

required; 

if A = Gi & G2, A', then by inductive hypothesis, there exist fci and k^ s.t. 
rp(4j h Gi,A'[e] and rp(4j \= G2,A'[e]. Then, if = maa:{fci, fe}, by 
Lemma in) we have that Tp(4) |= Gi, A'[e] and Tp{Ik) h G'2,A'[e]. This 
impHes Tp^h) h Gi & G2, A'[e], i.e. Tp(4) h= A[e] as required; 
the ^case follows by a straightforward application of the inductive hypothe- 
sis. 



□ 



Monotonicity and continuity of the Tp operator imply, by Tarski's Theorem, that 
lfp{Tp)^Tp]^. 



Following (Lloyd, 1987), we define the Gxpoint semantics F{P) of an LO program 
P as the least fixpoint of Tp, namely F{P) ~ lfp{Tp). Intuitively, Tp{I) is the 
set of immediate logical consequences of the program P and of the facts in /. In 
fact, if we define Pj as the program {A o~ T \ A ^ I}, the definition of Tp can be 
viewed as the following instance of the cut rule of linear logic: 

\P,G^H lPj^G,A 

cut 

\P,\Pi H,A 

Using the notation used for LO-sequents we obtain the following rule: 

P^Hc^G Pi^G,A 



PUPi ^ H,A 



cut 



Note that, since H G E P, the sequent _P => _ff G is always provable in linear 
logic. According to this view, F{P) characterizes the set of logical consequences of 
a program P. 

The fixpoint semantics is sound and complete with respect to the operational 
semantics as stated in the following theorem. 

Theorem 1 {Soundness and Completeness) 
For every LO program P, F{P) = 0{P). 

Proof 

i) F{P) C 0{P). We prove that for every k and context A, if TpU\= A[e] then 
_P => A. The proof is by (complete) induction on m(Tptfc, A), where fh is an 
induction measure defined by fh{ Tp^k, A) = {k, m(A)), and {k, m) < {k' , m') if 
and only if {k < k') or {k = k' and m < m') (lexicographic ordering). 

- If A = T, A', the conclusion is immediate; 

- if A is a fact, then A e TpTfc, so that Tp'\k^ and > 0. By definition of Tp 
we have that there exist a fact A and a clause Ai . . . ^ An o- G e P , such 
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that Tp']k-i^ C![A] and A = Ai, . . . , An, A. By Lemma |l| i) we have that 
Tp^k-i\= G,A[e], and then, by inductive hypothesis, P G,A, therefore 
by LO be rule, P ^ Ai, . . . , A, i.e., P ^ A; 

- if A = Gi & G2, A' then by inductive hypothesis P ^ Gi,A' and P ^ G2, A', 
therefore P ^ Gi & G2, A' by LO & ^ rule; 

- the ^case follows by a straightforward application of the inductive hypothe- 
sis. 

ii) 0{P) C F{P). We prove that for every context A if P ^ A then there exists 
k such that TptfeH by induction on the structure of the LO proof. 

- If the proof ends with an application of T^, then the conclusion is immediate; 

- if the proof ends with an application of the be rule, then A = j4i, . . . , An, A, 
where Ai, . . . , An are atomic formulas, and there exists a clause Ai ^ . . . ^ 
An o- G G P. For the uniformity of LO proofs, we can suppose to be a 
fact. By inductive hypothesis, we have that there exists k such that PptfcH 
G,^[e], then, by Lemma |^ i), Tp^k\=^ G[A], which, by definition of Tp, in 
turn implies that Ai, . . . , An, A G Pp(PpTfe) ~ T'pTfc+i, therefore Tp^k+i\=^ 
Ai,...,An,A[e], i.e., TpU+i^ A[e]; 

- if the proof ends with an application of the & r rule, then A = Gi & G2, A' 
and, by inductive hypothesis, there exist ki and ^2 such that Tpf |= Gi, A'[e] 
and Tp1k2\= G2, A'[e]. Then, if k = max{ki, we have, by Lemma ii), 
that Tptfch Gi,A'[e] and TpTfch G2,A'[e], therefore TpT^h Gi& G2,A'[e], 
i.e. Tptfch A[e]; 

- the -^case follows by a straightforward application of the inductive hypothe- 
sis. 

□ 

We note that it is also possible to define a model-theoretic semantics (as for classical 
logic programming ( Gabbrielli et al., 1995| )) based on the notion of least model 



with respect to a given class of models and partial order relation. In our setting, 
the partial order relation is simply set inclusion, while models are exactly Herbrand 
interpretations which satisfy program clauses, i.e., / is a model of P if and only if 
for every clause H ^ G E P and for every fact A, 

I'r G[A] imphes I H[A]- 

It turns out that the operational, fixpoint and model-theoretic semantics are all 
equivalent. We omit details. Finally, we also note that these semantics can be proved 



equivalent to the phase semantics for LO given in (Andreoli & Pareschi, 1991). 



5 An Effective Semantics for LO 

The operator Tp defined in the previous section does not enjoy one of the crucial 
properties we required for our bottom-up semantics, namely its definition is not 
effective. As an example, take the program P consisting of the clause a o- T. Then, 
Tp{^) is the set of all multisets with at least one occurrence of a, which is an infinite 
set. In other words, Tp{%) = {B \ a ^ B } , where =^ is the multiset inclusion relation 
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of Section 0. In order to compute efFectively one step of Tp , we have to find a Gnite 



representation of potentially infinite sets of facts (in the terminology of (AbduUa 



et al., 1996), a constraint system). The previous example suggests us that a provable 
fact A may be used to implicitly represent the ideal generated by A, i.e., the subset 
of Bp defined as follows: 

IA]^{B\A^ B}- 

We extend the definition of |-] to sets of facts as follows: |/] = Based on 

this idea, we define an abstract Herbrand base where we handle every single fact 
^ as a representative element for |^] (note that in the semantics of Section ^ the 
denotation of a fact A is A itself!). 

Definition 5.1 {Abstract Herbrand Interpretation) 

The lattice {I, C) of abstract Herbrand interpretations is defined as follows: 

- I = P{Bp)/ ~ where / ~ J if and only if |/] = |J]; 

- [^]~ !^ [J]^ if ^iid only if for ail B € I there exists A € J such that A =i B; 

- the bottom element is the empty set 0, the top element is the ~-equivalence 
class of the singleton {e} (e=empty multiset, e ^ ^ for any A G Bp); 

- the least upper bound / U J is the ~-equi valence class of / U J. 

The equivalence ~ allows us to reason modulo redundancies. For instance, any A 
is redundant in {e, which, in fact, is equivalent to {e}. It is important to note 
that to compare two ideals we simply need to compare their generators w.r.t. the 
multiset inclusion relation Thus, given a finite set of facts we can always remove 
all redundancies using a polynomial number of comparisons. 

Notation. For the sake of simplicity, in the rest of the paper we will identify an 
interpretation / with its class [/]~. Furthermore, note that ii A ^ B, then C 
1^]. In contrast, if / and J are two interpretations and I ^ J then |/] C |J]. 



The two relations =<; and □ are well-quasi orderings ( [Abdulla et al, 199q ; |Finkel fc 
Schnoebelen, 2001 ), as stated in Proposition ^ and Corollary below. This property 



is the key point of our idea. In fact, it will allow us to prove that the computation 
of the least fixpoint of the symbolic formulation of the operator Tp (working on 
abstract Herbrand interpretations) is guaranteed to terminate on every input LO 
program. 



Proposition 3 [Dickson's Lemma ( Dickson, 191!\) ) 



Let A1A2 ... be an infinite sequence of multisets over the finite alphabet S. Then 
there exist two indices i and j such that i < j and Ai ^ Aj. 



Following (AbduUa et al, 1996), by definition of □ the following Corollary holds. 



Corollary 1 

There are no infinite sequences of interpretations I1I2 ■ ■ . h ■ ■ ■ such that for all k 
and for all j < k, Ik % Ij- 
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Corollary |^ ensures that it is not possible to generate infinite sequences of interpre- 
tations such that each element is not subsumed (using a terminology from constraint 
logic programming) by one of the previous elements in the sequence. The problem 
now is to define a fixpoint operator over abstract Herbrand interpretations that is 
correct and complete w.r.t. the ground semantics. If we find it, then we can use the 
corollary to prove that (for any program) its fixpoint can be reached after finitely 
many steps. For this purpose and using the multiset operations \ (difference), • 
(least upper bound w.r.t. =4), and e (empty multiset) defined in Section]^, we first 
define a new version of the satisfiability relation 1=. The intuition under the new 
judgment / Ih A[^] is that A is the minimal fact (w.r.t. multiset inclusion) that 
should be added to A in order for ^ + A to be satisfiable in /. 

Definition 5.2 (Satisfiability) 

Let / € V{Bp), then Ih is defined as follows: 

/lhT,A[e]; 

/ Ih A[B \ A] for BeL; 

I Ih Gi ^G2,A[A] if / Ih Gi, G2,A[^]; 

/ Ih Gi& G2,A[A •^2] if / Ih Gi,A[A], / Ih G2,A[A]- 

Given a finite interpretation / and a context A, the previous definition gives us an 
algorithm to compute all facts A such that / Ih A[^] holds. 

Example 2 

Let us consider clause 2. of Example |l[ namely 

and / = {{c, d},{c,f}}. We want to compute the facts A for which / Ih G[^], 
where G = (rf e) &/ is the body of the clause. From the second rule defining the 
judgment Ih, we have that / Ih {d, e}[{c}], because {c, d} € / and {c, d} \ {d, e} = 
{c}. Therefore we get / Ih ^ e[{c}] using the third rule for Ih. Similarly, we have 
that / Ih {/}[{c}], because {c,/} e / and {c,/}\{/} = {c}. By applying the fourth 
rule for Ih, with Gi ^ d ^ e, G2 = f , Ai = {c}, A2 — {c} and A = e, we get 
/ Ih G[{c}], in fact {c}»{c} — {c}. There are other ways to apply the rules for Ih. In 
fact, we can get / Ih {d, e}[{c,/}], because {c,/} S / and {c,/} \ {d, e} = {c,/}. 
Similarly, we can get / Ih {/}[{c, rf}]. By considering all combinations, it turns 
out that / Ih G[A], for every A G {{c}, {c, f}, {c, d}, {c, d,f}}. The information 
conveyed by {c,/}, {c, d}, {c, rf,/} is in some sense redundant, as we shall see in 
the following (see Example ^). In other words, it is not always true that the output 
fact of the judgment Ih is minimal (in the previous example only the output {c} is 
minimal). Nevertheless, the important point to be stressed here is that the set of 
possible facts satisfying the judgment, given / and G, is Gnite. This will be sufficient 
to ensure effectiveness of the fixpoint operator. □ 

The relation Ih satisfies the following properties. 

Lemma 2 
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For every I, J <E P{Bp), context A, and fact A, 

i) if / Ih A[^], then |/1 \= A[A'] for all A' s.t. A 4 A'; 

ii) if |/] ^ A[^'], then there exists A such that / Ih A[yl] and A 4 A'; 

iii) if / Ih A[^] and / C J, then there exists A' such that J Ih A[^'] and A' 4 A; 

iv) given a chain of abstract Herbrand interpretations /i C C . . if ||J^]^ lij \= 
A[A] then there exists k s.t |/fc] |= A[A]. 

Proof 

i) By induction on A. 

- / Ih T, A[e] and |/1 ^ T, A[^'] and e =^ A' for any A'; 

- if / Ih A[A'] then A' ^ B\ A for B e I . Since B 4 {B \ A) + A = A' + A, we 
have that {B\A)+Aellj, therefore |/1 \= A[B \A],so that |/] \= A[C] for 
all C s.t. = ;B \ .4 =^ C, because |/] is upward closed; 

- if/lh Gi&G2,A[^] then ^ = ^1.^2 and/ Ih Gi,A[Ai] and / Ih G2,A[^2]- 
By inductive hypothesis, |/] h Gi,A[Bi] and |/] h G2, A[B2] for any Bi,B2 
s.t. Ai 4 Bi and A2 4 ^2. That is, |/] [= G,,A[C] for any C e {Ai • ^^2] 
i : 1, 2. It follows that |/] ^ Gi & G2, A[C] for all C G • ^^2!; 

- the ^case follows by a straightforward application of the inductive hypothe- 
sis. 

ii) By induction on A. 

- The T-case follows by definition; 

- if |/1 h A^] then A' + A€ {I}, i.e., there exists Bel s.t. B 4 A! + A. 
Since B\A4 {A' + A)\A = A' follows that for C = B \ ^, / Ih A[C] and 
C 4 A'] 

- if |/] h Gi&G2,A[yt] then |/] ^ G^, A[y^] for i : 1, 2. By inductive hy- 
pothesis, there exists Ai such that At 4 A, I Ih Gi,A[Ai] for i : 1,2, i.e., 
/ Ih Gi & G2, A[Ai • A2\- The thesis follows noting that AfA2 4 A] 

- the ^casc follows by a straightforward application of the inductive hypothe- 
sis. 

ill) If / Ih A[^], then by i), |/] ^ ^[A- Since |/] C |J] then, by Lemma |l| li), 

|J] h A[^]. Thus, by m), there exists y^' =^ s.t. J Ih A[yt']. 
w) By induction on A. 

- If A = T, A', then, no matter which k you choose, |/fc] |= T, A'[^]; 

- if A is a fact, then A,^ G IUt:i ^jl> t^^t is there exists B s.t. B G Ui^i 
and B 4 A, A. Therefore there exists k s.t. B G Ik and B =^ A,^, that is 
A,^G 141; 

- if A = Gi & G2, A', then by inductive hypothesis there exist ki and ^2 s.t. 
14 J h C?i,A'[^] and 14 J h G2,A'[^]. Therefore, ii k = max{k^,k2}, by 
Lemma ii), we have that |4l h Gi, A'[^] and |41 h G2, A'[yl], therefore 
[41 h Gi& G2, A'[^], i.e. [41 h A[^]; 

- the ^case follows by a straightforward application of the inductive hypothe- 
sis. 

□ 
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We are ready now to define the abstract fixpoint operator Sp : I ^ X. We will pro- 
ceed in two steps. We will first define an operator working over elements of 'P{Bp) 
With a little bit of overloading, we will call the operator with the same name, i.e. 
Sp. As for the Sp operator used in the symbolic semantics of CLP programs ( [Jaffar 



Maher, 19"94| ), the operator should satisfy the equation |S'p(/)] = Tp(ll\) for 



any I, J £ P{Bp). This property ensures the soundness and completeness of the 
symbolic representation w.r.t. the ground semantics of LO programs. 

After defining the operator over ViBp), we will lift it to our abstract domain 
2 consisting of the equivalence classes of elements of V{Bp) w.r.t. the relation ~ 



defined in Definition 5.1. Formally, we first introduce the following definition. 



Definition 5.3 (Symbolic Fixpoint Operator) 

Given an LO program P, and / £ V{Bp), the operator Sp is defined as follows: 

Sp{I) = {H + A\ H^GeP, / Ih G[A]}- 
The following property shows that Sp is sound and complete w.r.t. Tp. 
Proposition 4 

Let / e P{Bp), then |5p(/)l = Tp(|/]). 
Proof 

Let A = H,B e Sp{I) where 77 G e F and / Ih G[B] then, by Lemma | 
i), |/] h G[B'] for any B' s.t. B ^ B' . Thus, for any A! = H,B' s.t. A 4 A', 
A' G TpillJ). 

Vice versa, if ^ e Tp(|/]) then A = H,B where H ^ G e P und (Ij ^ G[B]. By 
Lemma | li), there exists B' s.t. B' 4 B and / Ih G[B'], i.e.. A' = H,B' & Sp{I) 
and A' =4 A. □ 

Furthermore, the following corollary holds. 
Corollary 2 

Given /, J G P{Bp), if / ~ J then Sp{I) ~ Sp{J). 
Proof 

If / ~ J, then, by definition of ~, it follows that |/] — |J]. This implies that 
Tp(|/]) - TpilJl). Thus, by Prop. | it follows that lSp{I)l = [5p(J)1, i.e., 
5p(/) ~ 5p(J). □ 

The previous corollary allows us to safely lift the definition of Sp from the lattice 
{V{Bp), C) to the lattice {I, C). Formally, we define the abstract fixpoint operator 
as follows. 

Definition 5.4 {Abstract Fixpoint Operator Sp) 

Given an LO program P, and an equivalence class [/]~ of X, the operator Sp is 
defined as follows: 

Sp{[iU) - [Sp{i)U 

where Sp{I) is defined in Definition ^.3| . 

In the following we will use / to denote its class [/]~- The abstract operator Sp 
satisfies the following property. 
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Procedure symbF{P : LO program): 

set New ■- {H \ H c^T e P} and Old := 0; 
repeat 

Old := Old U New; 
New := S'F(New); 
until New C Old; 
return Old- 
Fig. 3. Symbolic fixpoint computation 



Proposition 5 

Sp is monotonic and continuous over the lattice {X, C). 
Proof 



Monotonicity. For any A = H,B E Sp{I) there exists H G e P s.t. / Ih G[B]. 
Assume now that I \Z J . Then, by Lemma || Hi), we have that J Ih G[B'] for B' ^ B. 
Thus, there exists A' ^H,B'e Sp{J) such that A' ^ A, i.e., Sp{I) □ Sp{J). 
Continuity. We show that Sp is Unitary. Let /i □ /2 C . . . be an increasing sequence 
of interpretations. For any A = H , B € 'S'pdJ^j^ li) there exists H G £ P s.t. 
U^i I^ G[B]. By Lemma | i), [[JZi ^4 h ^[B]. By Lemma | iv), we get that 
[4] h G[i3] for some fc, and by Lemma | m), 4 1^ for i3' =^ B. Thus, 

^' = e Spih), i.e., ^' e U:ii Sp{I.), i.e., ^p(U^i ^0 C U^i ^p(/.)- □ 



Corollary 3 
llfp{Sp)j = lfp{Tp). 

Let SymbF [P) ~ lfp{Sp), then we have the following main theorem. 
Theorem 2 [Soundness and Completeness) 

Given an LO program P, 0{P) = F{P) = \SymhF{P)\. Furthermore, there exists 
e N such that SymbF{P) = |J*^^o SpU (0)- 

Proof 

Theorem I and Corollary | show that 0{P) = F{P) = lSymbF{P)j. Corollary |] 
guarantees that the fixpoint of Sp can always be reached after finitely many steps. 
□ 

The previous results give us an algorithm to compute the operational and fixpoint 
semantics of a propositional LO program via the operator Sp. The algorithm is in- 



spired by the backward reachability algorithm used in ( AbduUa et ah, 1996; Finkel 



|fc Schnoebelen, 2001 ) to compute backwards the closure of the predecessor operator 



of a well-structured transition system. The algorithm in pseudo-code for computing 
F{P) is shown in Figure |^. Corollary |l| guarantees that the algorithm always ter- 
minates and returns a symbolic representation of 0{P). As a corollary of Theorem 
0, we obtain the following result. 



Corollary 4 

The provability of P ^ G in propositional LO is decidable. 
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In view of Propositi on this resul t can be considered as an instance of the general 



decidability result (Kopylov, 1995) for propositional afEne linear logic (i.e., linear 
logic with weakening). 

Example 3 

We calculate the fixpoint semantics for the program P of Example |l|, which is given 
below. 



1 



a o- b c 



2- h^{d'^e)kf 

3- c^dc^T 

4- e^ec^&^c 

5- c^/c^T 

We start the computation from >S'pto= 0- The first step consists in adding the mul- 
tisets corresponding to program facts, i.e., clauses 3. and 5., therefore we compute 

SpU={{c,d},{cJ}}- 

Now, we can try to apply clauses 1., 2., and 4. to facts in Sp^i. From the first clause, 
we have that SptiH" {^i c}[{c?}] and 5ptill" c}[{/}], therefore {a, d} and {a,/} 
are elements of Sp]2- Similarly, for clause 2. we have that S'ptill- {d, e}[{c}] and 
'S'pTiII" therefore we have, from the rule for & , that {6, c} belongs to Sp^2 

(we can also derive other judgments for clause 2., as seen in Example H, for instance 
'S'pTiII" {di e}[{c,/}], but it immediately turns out that all these judgments give rise 
to redundant information, i.e., facts that are subsumed by the already calculated 
ones). By clause 4., finally we have that S'pTill" {b, c}[{d}] and 5'ptilh {b, c}[{/}], 
therefore {d, e, e} and {e, e,/} belong to Sp'\2- We can therefore take the following 
equivalence class as representative for Sp^2'- 

Sph= {{c, d}, {c,/}, {a, d}, {aj},{b, c}, {d, e, e}, {e, e,/}}- 

We can similarly calculate 5'pt3- For clause 1. we immediately have that 5'pt2ll" 
{&, c}[e], so that {a} is an element of /S'pts; this makes the information given by 
{a, d} and {a,/} in Sp'\2 redundant. From clause 4. we can get that {e, e} is 
another element of S'pta, which implies that the information given by {d, e, e} and 
{e,e,/} is now redundant. No additional (not redundant) elements are obtained 
from clause 2. We therefore can take 

Sph= {{c, d}, {c,f},{b, c}, {a}, {e, e}}- 

The reader can verify that Spl4— Sp^3— SymbF{P) so that 

0{P) = F{P) - |{{c, d}, {cj},{b, c}, {a}, {e, e}}}- 

We suggest the reader to compare the top-down proof for the goal e, e, given in 
Figure |^, and the part of the bottom-up computation which yields the same goal. 
The order in which the backchaining steps are performed is reversed, as expected. 
Moreover, the top-down computation requires to solve one goal, namely d, e, c, 
which is not minimal, in the sense that its proper subset c, d is still provable. 
Using the bottom-up algorithm sketched above, at every step only the minimal 
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information (in this case c, d) is kept at every step. In general, this strategy has the 
further advantage of reducing the amount of non-determinism in the proof search. 
For instance, let us consider the goal 6, e, e (which is certainly provable because 
of Proposition |l|). This goal has at least two different proofs. The first is a slight 
modification of the proof in Figure || (just add the atom b to every sequent). An 
alternative proof is the following, obtained by changing the order of applications of 
the backchaining steps: 



p 


^ e,b,T 


p = 


> d, e, 6, c 


p => 


d, e,b c 


p = 


> d, e, e, e 



P^b.T 

% 6c(5) 

P^f,b,c 

bc^^^ % 

P^f.b^c 

P^d^e,e,e P^f.e,e 

— kr 



P^{d ^e)&/,e,e 
P ^ b. e,e 



There are even more complicated proofs (for instance in the left branch I could 
rewrite b again by backchaining over clause 2. rather than axiom 3). The bottom- 
up computation avoids these complications by keeping only minimal information at 
every step. We would also like to stress that the bottom-up computation is always 
guaranteed to terminate, as stated in Theorem |^, while in general the top-down 
computation can diverge. □ 



6 A Bottom-up Semantics for LOi 



As shown in ( Andreoli, 1992 ), the original formulation of the language LO can be 
extended in order to take into consideration more powerful programming constructs. 
In this paper we will consider an extension of LO where goal formulas range over 
the G-formulas of Section || and over the logical constant 1. In other words, we 
extend LO with clauses of the following form: 

We name this language LOi, and use the notation P =J>i A for LOi sequents. The 
meaning of the new kind of clauses is given by the following inference scheme: 

Ir 

bc{H^i e P) 

P^iH 

Note that there cannot be other resources in the right-hand side of the lower se- 
quent apart from oi, . . . , a„. Thus, in contrast with T, the constant 1 intuitively 
introduces the possibility of counting resources. 

Example 4 
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Ir 

P^l 1 



P =>i check 

bc<-^^ 



P =>i c, check 
P =>i 6, c, c/iecA; 



P =>i 6, 6, c, cione P =>i 6, b, c, check 

P =>i 6, 6, c, trans 

bcW 

P =>i b, a, c, trans 

6c(i) 

P =>i a, a, c, trans 

Fig. 4. An LOi proof for the goal a, a, c, trans in the program of Example ^ 

LO programs can be used to encode Petri Nets (see also the proof of Proposition 



|6| and Section 11). Let us consider a simple Petri net with three places a, b and 
c. We can represent a marking with a multiset of atoms and a transition with a 
clause. For instance, the clause a ^ 6 o- c ^ c can be interpreted as the Petri Net 
transition that removes one token from place a, one token from place b, and adds 
two tokens to place c. By using the constant 1, we can specify an operation trans 
which transfers all tokens in place a to place b. The encoding is as follows: 



a ^ trans o— & ^ trans 
trans o— done & check 
check b o— check 
check c o— check 
check o— 1 



The first clause specifies the transfer of a single token from a to 6, and it is supposed 
to be used as many times as the number of initial tokens in a. The second clause 
starts an auxiliary branch of the computation which checks that all tokens have 
been moved to b. The proof for the initial marking a, a, c is given in Figure ^ 
(where, for simplicity, applications of the and & r rules have been incorporated 
into backchaining steps). Note that the check cannot succeed if there are any tokens 
left in a. Using 1 in clause 5. is crucial to achieve this goal. □ 

Provability in LOi amounts to provability in the proof system for LO augmented 
with the Ir rule. As for LO, let us define the top-down operational semantics of an 
LOi program as follows: 



Oi{P) — {A \ A is a fact and P A is provable}- 

We first note that, in contrast with Proposition |l|, the weakening rule is not admis- 
sible in LOi. This implies that we cannot use the same techniques we used for the 
fragment without 1. So the question is: can we still find a finite representation of 
Oi(P)? The following proposition gives us a negative answer. 
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Proposition 6 

Given an LOi program P, there is no algorithm to compute Ox{P). 
Proof 

To prove the result we present an encoding of Vector Addition Systems (VAS) 
as LOi programs. A VAS consists of a transition system defined over n variables 
(xi, . . . , Xn) ranging over positive integers. The transition rules have the form x[ — 
xi + Si, . . . ,x'^ = Xn + 5n where (5„ is an integer constant. Whenever 5i < 0, guards of 
the form Xi > —Si ensure that the variables assume only positive values. Following 
( |Cervesato, 1995| ), the encoding of a VAS in LOi is defined as follows. We associate 
a propositional symbol g S to each variable a;,. A VAS-transition now becomes 
a rewriting rule H o- B where Occ<j^{ai) = —Si ii Si < (tokens removed from 
place i) and Occ-^{ai) = Si ii Si > (tokens added to place i). We encode the 
set of initial markings (i.e., assignments for the variables x^'s) Mi, . . . , Mk using 
k clauses as follows. The i-th clause Hi o- 1 is such that if Mi is the assignment 
{xi — ci, . . . , Xn — Cn) then Occ-^ {aj ) = Cj for j : 1, . . . , n. Based on this idea, if Py 
is the program that encodes the VAS V it is easy to check that 0{Pv) corresponds 
to the set of reachable markings of V (i.e., to the closure post* of the successor 
operator post w.r.t. V and the initial markings). From classical results on Petri Nets 



(see e.g. the survey (Esparza & Nielsen, 1994)), there is no algorithm to compute 



the set of reachable states of a VAS V {=0{Pv))- If not so, we would be able to 
solve the marking equivalence problem that is known to be undecidable. □ 

Despite Proposition ^, it is still possible to define a symbolic, effective fixpoint 
operator for LOi programs as we will show in the following section. Before going 
into more details, we first rephrase the semantics of Section ^ for LOi. We omit 
the proofs, which are analogous to those of Section IJ. For the sake of simplicity, in 
the rest of the paper we will still denote the satisfiability judgments for LOi with 
\= and Ih. 

Definition 6.1 (Satisfiability in LOx) 

Let / be a Herbrand interpretation, then |= is defined as follows: 

/ h T, A[y^'] for any fact M; 

I h A[A'] if ^ + ^' G /; 

/ h Gi^G2,^[A] if / h Gi,G2,A[^]; 

/ h Gi & Ga, A[y4] if / h Gi, A[^] and / h G2, A[yt]- 
The new satisfiability relation satisfies the following properties. 
Lemma 3 

For any interpretations /, J, context A, and fact A, 

i) / h A[^] if and only if I \= A,^[e]; 
u) if / C J and / h A[^] then J ^ A[^]; 
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iii) given a chain of interpretations /i C /2 C . . if IJ^j^ Li |= ^[A] then there 
exists k s.t. Lk \= A[A\. 

The fixpoint operator Tp is defined hke Tp. 

Definition 6.2 [Fixpoint operator Tp) 

Given an LOi program P, and an interpretation /, the operator Tp is defined as 
follows: 

Tl{I) = {H + A\ H^GeP, / h G[A]}- 
The following property holds. 
Proposition 7 

Tp is monotonic and continuous over the lattice (T>, C). 

The fixpoint semantics is defined as Fi{P) — lfp{Tp) — Tp'\^. It is sound and com- 
plete with respect to the operational semantics, as stated in the following theorem. 

Theorem 3 [Soundness and Completeness) 
For every LOi program P, Fx{P) = Oi{P). 

7 Constraint Semantics for LO^ 

In this section we will define a symbolic fixpoint operator which relies on a con- 
straint-based representation of provable multisets. The application of this operator 
is effective. Proposition ^ shows however that there is no guarantee that its fixpoint 
can be reached after finitely many steps. According to the encoding of VAS used 
in the proof of Proposition let x = (xi, . . . , a;„) be a vector of variables, where 
variable Xi denotes the number of occurrences of € S in a given fact. Then we 
can immediately recover the semantics of Section ^ using a very simple class of 
linear constraints over integer variables. Namely, given a fact A we can denote its 
closure, i.e., the ideal |^], by the constraint 

n 

'fim = A - OccAia^)- 

1=1 

Then all the operations on multisets involved in the definition of Sp (see Definition 
^■2|) can be expressed as operations over linear constraints. In particular, given the 
ideals |^] and , the ideal [A • B] is represented as the constraint 

n-A'Bj ^n-M /^ni3h 

while |6 \ .4] , for a given multiset A, is represented as the constraint 
fli3\Al = 3x' • {ipiBjW/x] A p^(x,x')), 

where 

n 

/9^(x, x') EE l\^Xi ^ x[ - Occj({ai) A Xi>Q- 

i=l 
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The constraint models the removal of the occurrences of the literals in A from 
all elements of the denotation of B. Similarly, + for a given multiset A, is 
represented as the constraint 

VlB+Aj = 3x' • ((p|ej[x7x] A a^(x,x')), 

where 

n 

a^(x,x') = ^x^^ X- + OccA{ai)- 

1=1 

The introduction of the constant 1 breaks down Proposition |l|. As a consequence, 
the abstraction based on ideals is no more precise. In order to give a semantics for 
LOi, we need to add a class of constraints for representing collections of multisets 
which are not upward-closed (i.e., which are not ideals). We note then that we can 
represent a multiset A as the linear constraint 

n 

ipA = A ^ OcCA{a^)■ 

i=l 

The operations over linear constraints discussed previously extend smoothly when 
adding this new class of equality constraints. In particular, given two constraints 
tp and Tp, their conjunction ip A still plays the role that the operation • (least 



upper bound of multisets) had in Definition 5.2, while 3x' • ((/?[x'/x] A/9^(x, x')), for 



a given multiset A, plays the role of multiset difference. The reader can compare 



Definition 5.2 with Definition 7.2. Based on these ideas, we can define a bottom-up 
evaluation procedure for LOi programs via an extension Sp of the operator Sp. 

In the following we will use the notation c, where c = (ci , . . . , c„) is a solution of a 
constraint ip (i.e., an assignment of natural numbers to the variables x which satisfies 
tp), to indicate the multiset over S — {ai, . . . , a„} which contains Ci occurrences 
of every propositional symbol ai (i.e., according to the notation introduced above, 
c is the unique solution of ip-^). We extend this definition to a set C of constraint 
solutions by C = {c I c e C}. We then define the denotation of a given constraint 
tp, written |</5|i, as the set of multisets corresponding to solutions of tp, i.e., {tpji — 
{c I x = c satisfies tp}. 



Following (Gabbrielli et ai., 1995), we introduce an equivalence relation ~ over 
constraints, given by (/? ~ "0 if and only if = |V']i: i-S-, we identify constraints 
with the same set of solutions. For the sake of simplicity, in the following we will 
identify a constraint with its equivalence class, i.e., we will simply write tp instead 
of [tp]^^. Let LCt, be the set of (equivalence classes of) of linear constraints over the 
integer variables x = {xi, . . . ,Xn) associated to the signature E = {ai, . . . , a„}. The 
operator Sp is defined on constraint interpretations consisting of sets (disjunctions) 
of (equivalence classes of) linear constraints. For brevity, we will define the seman- 
tics directly on the interpretations consisting of the representative elements of the 
equivalence classes. The denotation of a constraint interpretation / extends 
the one for constraints as expected: = {ft^fji | tp £ I}. Interpretations form a 
complete lattice with respect to set inclusion. 

Definition 7.1 {Constraint Interpretation) 
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We say that / C LCs is a constraint interpretation. Constraint interpretations form 
a complete lattice (C, C) with respect to set inclusion, where C = V{LCj:). 

We obtain then a new notion of satisfiability using operations over constraints as 
follows. In the following definitions we assume that the conditions apply only when 
the constraints are satisfiable (e.g. x = OAx > 1 has no solutions thus the following 

rules cannot be applied to this case). 

Definition 7.2 {Satisfiability in L0\) 
Let I € C, then Ih is defined as follows: 

I Ih l[ip] where ip = xi = A . . . A a;„ = 0; 

/ Ih T, A[(p] where ip = ii > A . . . A a;„ > 0; 

/ Ih A[ip] where (/s = 3x' • {xp[x.' /x] A p^(x,x')), ip € I; 

/Ih Gi ^G2,AM if /l^ Gi,G2,A[(p]; 

/Ih Gi&G2,A[^i A¥'2] if /l^ Gi,A[<pi], / Ih G2,A[^2]- 

The relation Ih satisfies the following properties. 

Lemma 4 
Given I,J€C, 

i) if / Ih A[ipl then |/]i h A[^] for every A G Mi; 

ii) if |/]i ^ A[^], then there exists ip such that / Ih A[(p] and Ag |<p]i; 
in) if / C J and / Ih A[(p], then J Ih A[<^]; 

iv) given a chain of constraint interpretations /i C /2 C . . ., if |J^;^ /, Ih A[y] 
then there exists k s.t. Ik Ih A[(p]. 

Proof 

i) By induction on A. 

- If / Ihi T,A[(^], then every c (with Ci > 0) is solution of ip, and [/]i \= 
T, A[^'] for every fact A'; 

- ii I Ihi l[p], then (0, . . . , 0) is the only solution of ip, and |/]i |= l[e]; 

- if / Ihi A[ip] then there exists '0 e / s.t. ip = 3x' • (^[x'/x] A pyi(x,x')) is 
satisfiable. Then for every solution cofip there exists a vector c' s.t. tp[c' /x\ is 
satisfiable and c[ > Occ^{ai), c\ — c[ — Occ^{a\), . . . , > Occ^(a„), c„ = 

— Occj{{an). From this we get that for i = 1, . . . , n, = Ci + 0ccj{{ai) 
is a solution for ip, therefore c + A G {ipji C |/]i so that we can conclude 

- if / Ihi Gi& G2, AM then = (/Ji A (/32 and / Ihi Gi,A[ipi], I Ihi G2,A[ip2]. 
By inductive hypothesis, |/]i \= Gi, A[ci] and |/]i \= G2, A[c2] for every Ci 
and C2 solutions of and (p2, respectively. Thus |/]i ^ Gi & G2, A[c] for 
every c which is solution of both ipi and ip2, i.e. for every c which is solution 

of pi A P2] 

- the ^case follows by a straightforward application of the inductive hypothe- 
sis. 
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ii) By induction on A. 

- h T, A[c] for every c, and / Ihi T, A[i^], where (f = xi > 0, . . . , a;„ > 0, 
and every c is solution of (p; 

- if h e = (oTTTTrO), then / Ihi l[(p], where ip = xi ^ 0, . . . , Xn = 0, 
and (0, . . . , 0} is solution of ip; 

- if \= A[c] then c + yl e therefore there exists e I s.t. c+A G {tpji. 
Therefore, if a is such that a = yl, we have that iplc + a/x] is satisfiable, c is 
solution of (/? = 3x' ■ (V'fx'/x] A /9^(x,x')) and / Ihi A[(p]; 

- if h Gi&G2,A[c] then h Gi,A[c] and h G2,A[c]. By in- 
ductive hypothesis, there exist ipi and ip2 such that / Ihi Gi, A[(^i] and / Ihi 
G2, A[</92], and c is a solution of ipi and ip2- Therefore / Ihi Gi & G2, A[ipi/\(p2] 
and c is a solution of (pi A (p2', 

- the ^case follows by a straightforward application of the inductive hypothe- 
sis. 

Hi) By simple induction on A. 
iv) By induction on A. 

- The T and 1-cases follow by definition; 

- if Ui^i ""1 then there exists ^p S Ui^i ^-t- f = ' /^] ^ 
p^(x,x')) is satisfiable. Then there exists k s.t. t/j e Ik and Ihi ^[i/?]; 

- if Ui^i -^i ""1 ^1 ^ ^2, ^[v']! then p = ipi A ip2, and, by inductive hypothesis, 
there exist ki and ^2 s.t. 4^ Ihi Gi,A[(^i] and Ihi G2,A[(p2]. Then, for 
k — max{ki,k2}, we have, by iii), Ik Ihi Gi,A[(^i] and Ik Ihi G2,A[(^2], 
therefore Ik Ihi Gi & G2, A[(pi A (^2]; 

- the ^case follows by a straightforward application of the inductive hypothe- 
sis. 

□ 

We are now ready to define the extended operator Sp. 
Definition 7.3 {Symbolic Fixpoint Operator Sp) 

Given an LOi program P, and I E C, the operator Sp is defined as follows: 

Sj.{I)^{ip I H ^ G e P, I \^ G[tl;], 

(p = 3x'-(V4x7x] Aa^(x,x'))}- 

The new operator satisfies the following property. 
Proposition 8 

The operator Sp is monotonic and continuous over the lattice (C, C). 
Proof 

Monotonicity. Immediate from Sp definition and Lemma ^ iii). 
Continuity. Let /i C /2 C . . ., be an increasing sequence of interpretations. We 
show that 5'p(lJ^j Ii) C IJi^i Sp{Ii). U p G •S'pdJ^^ Ii), by definition there exists 
a clause H G e P s.t. [jZiI^ '^i and ip = 3x' ■ (V'[x7x] A a^(x,x')) 

is satisfiable. By Lemma |^ iv), there exists k s.t. Ik Ihi Glip]. This implies that 
ipeSUlk),i.e.,ipe[jZ,Sj,{I,). □ 
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Furthermore, Sp is a symbolic version of the ground operator Tp, as stated below. 
Proposition 9 

Let / e C, then = ri([/li). 

Proof 

Let c G |'S'p(/)]i, then there exist ip G Sp{I) and a clause H o- G E P, s.t. c is 
solution of = 3x' • (-0[x'/x] A a^(x, x')) and / Ihi Glip]. Then there exists c' 
solution of -0 s.t. c ~ c' + H, and, by Lemma ^ z), ^ G[c']. Therefore, by 
definition of c = c' + _ff G Vice versa, let c G then there 

exists _ff o— G G -P s.t. 1= G[A] and c = _ff + ^. By Lemma ^ m), there exists 
s.t. / Ihi G[4>] and ^ G Ml. Therefore = 3x' • (V^x'/x] A a^(x,x')) G S]i{I), 
andc = 5 + ^G Ml C □ 

Corollary 5 
llfp{S],)j^ = lfp{Tj,). 

Now, let SymbFi{P) = lfp{Sp), then we have the following main theorem that 
shows that Sp can be used (without termination guarantee) to compute symboli- 
cally the set of logical consequences of an LOi program. 

Theorem 4 {Soundness and completeness) 

Given an LOi program P, Ox{P) = Fi(F) = |5'?/m6Fi(F)]i. 

Proof 

By Theorem | and Corollary |. □ 

8 Bottom-up Evaluation for LOi 

Using a constraint-based representation for LOi provable multisets, we have reduced 
the problem of computing Oi{P) to the problem of computing the reachable states 
of a system with integer variables. As shown by Proposition ^, the termination of the 
algorithm is not guaranteed a priori. In this respect. Theorem || gives us sufficient 
conditions that ensure its termination. The symbolic fixpoint operator Sp of Section 
0is defined over the lattice {V{LG^), C), with set inclusion being the partial order 
relation and set union the least upper bound operator. When we come to a concrete 
implementation of Sp, it is worth considering a weaker ordering relation between 
interpretations, namely pointwise subsumption. Let =^ be the partial order between 
(equivalence classes of) constraints given hy ip ^ i/j \f and only if |^]i C {(pji. Then 
we say that an interpretation / is subsumed by an interpretation J, written I ^ J, 
if and only if for every ip E I there exists d J such that ip ^ ip. 

As we do not need to distinguish between different interpretations representing 
the same set of solutions, we can consider interpretations / and J to be equivalent 
in case both I ^ J and J ^ I hold. In this way, we get a lattice of interpretations 
ordered by C and such that the least upper bound operator is still set union. This 
construction is the natural extension of the one of Section ||. Actually, when we limit 
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SpIi = { Xa = 1 A Xi = A Xc = 0, Xa > I A Xi > 1 A Xc > 0, 

2;a>0A2;6>0Aa;c>2 } 

'S'pT2 = { = 1 A a;;, = A = 0, a;„ > 1 A a;;, > 1 A Xc > 0, 

2;a > A a;^ > A > 2, a;a = A a;^ = 2 A = 0, 

a:a > A > 3 A > 0, Xa > 2 A xj > A > 

Sp^S = { Xa = 1 A Xt = A Xc = 0, Xa > 1 A Xt > 1 A Xc > 0, 

Xa > A xt > A Xc > 2, Xo = A xt = 2 A Xc = 0, 

Xa > A xj > 3 A Xc > 0, Xa > 2 A Xi > A Xc > 0, 

Xa = A Xj = 1 A Xc = 1, Xa > A Xi, > 2 A Xc > 1, 

Xa>lAXj>OAXc>l } 

Fig. 5. Symbolic fixpoint computation for the program in Example ^ 



ourselves to considering LO programs (i.e., without the constant 1) it turns out that 
we need only consider constraints of the form x > c, which can be abstracted away 
by considering the upward closure of c, as we did in Section ^. The reader can note 
that the ^ relation defined above for constraints is an extension of the multiset 
inclusion relation we used in Section ^. 

The construction based on C can be directly incorporated into the semantic 
framework presented in Section where, for the sake of simplicity, we have adopted 
an approach based on C. Of course, relation C is stronger than C, therefore a 
computation based on □ is correct and it terminates every time a computation 
based on C does. However, the converse does not always hold, and this is why a 
concrete algorithm for computing the least fixpoint of Sp relies on subsumption. 
Let us see an example. 

Example 5 

We calculate the fixpoint semantics for the following LOi program made up of six 
clauses: 

1 • a o— 1 

2- a^bo-T 

3- c^cc^T 

4- h'^h<^ a 

5 • a o— b 

6 • c o~ aSz b 

Let S — {a, 6, c} and consider constraints over the variables x — {xa, Xb, Xc). We 
have that Sp'\o= Ih l[xa = A Xh = A Xc = 0], therefore, by the first clause, 
(fi e Sp'\i, where ip = 3x' -{x'^ = OAxj^ = OAx'^ = QAxa = a;^ + lAa;f, = x'l^AXc = x'J, 
which is equivalent to Xa = lAxb = Axc = 0. From now on, we leave to the reader 
the details concerning equivalence of constraints. By reasoning in a similar way, 
using clauses 2. and 3. we calculate S'pti (see Figure ||). 

We now compute Sp'\2- By 4., as Sptill" a[xa = A A = 0], we get 

Xa — A Xb — 2 A Xc — 0, and, similarly, we get Xa > A Xb > 3 A Xc > 0. By 5., 
we have Xa > 2 A Xb > A Xc > 0, while clause 6. is not (yet) applicable. Therefore, 
modulo redundant constraints (i.e., constraints subsumed by the already calculated 
ones) the value of Sp^2 is given in Figure ||. 
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Now, we can compute S'pts- By 4. and 2;a>2A2;6>0Aa:c>0G Sp'\2 we get 
Xa > I A Xh > 2 A Xc > 0, which is subsumed by > 1 A > 1 A a:c > 0. By 
5. and Xa = A Xb = 2 A Xc = 0, we get Xa — I A xi, = 1 A Xc ^ 0, subsumed by 
Xa > lAxb > lAXc > 0. Similarly, by 5. and Xa > OAxi, > 3Axc > we get redundant 
information. By 6., from > 1 Aif, > 1 A^c > and Xa — OAxf, — 2Axc — we get 
Xa ~ Axb = 1 Axc = 1, from Xa > I A Xb > I A Xc > and Xa > Axb > 3 Axc > 
we get Xa > A Xb > 2 A Xc > 1, and finally from Xa > 2 A Xb > A Xc > 
and Xa > 1 A Xb > 1 A Xc > we have Xa > I A Xb > A Xc > 1. The reader can 
verify that no additional provable multisets can be obtained. It is somewhat tedious, 
but in no way difficult, to verify that clause 6. yields only redundant information 
when applied to every possible couple of constraints in S'pta- We have then Sp']^^ 
S'p t3= SymbFi{P), so that in this particular case we achieve termination. We 
can reformulate the operational semantics of P using the more suggestive multiset 
notation (we recall that |.4] = {B \ A ^ B}, where ^ is multiset inclusion): 

^^i(^) = b},{b, c}} U {{a, b}, {c, c}, {6, 6, 6}, {a, a}, {b, 6, c}, {a, c}]- 

□ 



It is often not the case that the symbolic computation of LOi program seman- 
tics can be carried out in a finite number of steps. Nevertheless, it is important 
to remark that viewing the bottom-up evaluation of LOi programs as a least fix- 
point computation over infinite-state integer systems allows us to apply techniques 



and tools developed in infinite-state model checking (see e.g. (AbduUa et aJ., 1996 



Bultan et al, 1997; Delzanno fc Podelski, 1999; Finkel fc Schnocbelen, 2001; Hen 



zinger et al, 1997)) and program analysis (Cousot fc Halbwachs, 1978) to compute 



approximations of the least fixpoint of Sp. 

In the next section we will present an interesting application of the semantical 
framework we have presented so far. Namely, we shall make a detailed comparison 
between LO and Disjunctive Logic Programming. This will help us in clarifying 
the relations and the relative strength of the languages. After recalling the basic 
definitions of DLP in Section H, we will present our view of DLP as an abstraction 
of LO in Section RB. Finally, in Section 11 we will give a few hints on how to employ 



this framework to study reachability problems in Petri Nets. 



9 An Application of the Semantics: Relation with DLP 

As anticipated in the introduction, the paradigms of linear logic programming and 
Disjunctive Logic Programming have in common the use of multi-headed clauses. 
However, the operational interpretation of the extended notion of clause is quite 



different in the two paradigms. In fact, as shown in (Bozzano et aL, 2000b), from a 
proof-theoretical perspective it is possible to view LO as a sub-structural fragment 
of DLP in which the rule of contraction is forbidden on the right-hand side of 
sequent s. 

While proof theory allows one to compare the top-down semantics of the two 
languages, abstract interpretation ( Cousot fc Cousot, 1977| ) can be used to relate 
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the fixpoint, bottom-up evaluation of programs. In the fohowing we wiU focus on 
the latter approach, exploiting our semantics of LO and the bottom-up semantics of 



DLP given in (Minker et al, 1991). For the sake of clarity, we will use superscripts 
in order to distinguish between the fixpoint operators for LO and DLP, which will 
be denoted by Tp and Tp^ , respectively. First of all, we recall some definitions 
concerning Disjunctive Logic Programming. 



A disjunctive logic program as defined in ( [Minker et al, 199l| ) is a finite set of 
clauses 

yli V...V^„ ^fii A...A5™, 

where n > 1, m > 0, and Ai and Bi are atomic formulas. A disjunctive goal is of 
the form ^ Ci, . . . , C„, where Ci is a positive clause (i.e., a disjunction of atomic 
formulas) for i : 1, . . . , n. To make the language symmetric, in this paper we will 
consider extended clauses of the form 

AiV . . .W An ^ Ci A . . . A C„i 



containing positive clauses in the body. Following ( Minker et al, 1991 ), we will 
identify positive clauses with sets of atoms. In order to define the operational and 
denotational semantics of DLP, we need the following notions. 

Definition 9.1 [Disjunctive Herbrand Base) 

The disjunctive Herbrand base of a program P, for short DHBp, is the set of all 
positive clauses formed by an arbitrary number of atoms. 



Definition 9.2 [Disjunctive Interpretation) 

A subset / of the disjunctive Herbrand base DHBp is called a disjunctive Herbrand 
interpretation. 

Definition 9.3 [Ground SLO- derivation) 

Let P be a DLP program. An SLO-derivation of a ground goal G from P consists 
of a sequence of goals Gq — G, Gi, . . . such that for all i > 0, Gi+i is obtained from 
G^ =^ (Ci, . . . , C„i, . . . , Cfc) as follows: 

- G ^ Di A ... A Dq is a. ground instance of a clause in P such that G is 
contained in Gm (the selected clause); 

- Gi+i is the goal <- (Ci, . . . , C„_i, A V Gm, ...,DqV Gm, Gm+i, Gk). 

Definition 9.4 [SLO-refutation) 

Let P be a DLP program. An SLO-refutation of a ground goal G from P is an 
SLO-derivation Go, Gi, . . . , Gk s.t. Gk consists of the empty clause only. 

As SLD-resolution for Horn programs, SLO-resolution gives us a procedural inter- 
pretation of DLP programs. The operational semantics is defined then as follows: 

Op^ = {G \ G e DHBp, ^ G has an SLO-refutation}- 

As for Horn programs, it is possible to define a fixpoint semantics via the following 
operator (where gnd[P) denotes the set of ground instances of clauses in P). 
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Definition 9.5 {The Tp^ Operator) 
Given a DLP program P and / C DHBp, 

T^^P{I) = { C eDHBp\ C ^Di,...,Dnegnd{P), 
D^V Q e I, i : 1,. . . ,n 
C = C" V Ci V . . . V C„ }• 

The operator Tp^ is monotonic and continuous on the lattice of interpretations 
ordered w.r.t. set inclusion. Based on this property, the fixpoint semantics is defined 



as = lfp{TpP) = TpP^. As shown in ( |Minker et al, 19911) , for aU C £ Op^ 
there exists C G Fp^ s.t. C implies C. Note that for two ground clauses C and 
C", C implies C" if and only if C C C". This suggests that interpretations can also 
be ordered w.r.t. subset inclusion for their elements, i.e., / C J if and only if for all 
A G I there exists B G J such that B C A {B implies A). In the rest of the paper 
we will consider this latter ordering. 

Example 6 

Consider the disjunctive program P ~ {^{0.), p{X) V q{X) ^ ^{X)} and the 
auxiliary predicate t. Then, DHBp — {r{a), p{a), q{a), t{a), p{a) V r(a),p(a) V 
q{a),p{a)V q{a)V r{a), . . .}. Furthermore, the goal Go {p{a)V q{a)\/ t{a)) has 
the refutation Go, Gi =^ V q{a) V t{a) V r(a)), G2 where G2 consists of the 

empty clause only. The fixpoint semantics of P is as follows FpP = {r{a), p{a) V 
g(a)}. Note that p{a) V q{a) V t{a) is implied by p{a) V q{a). □ 

We note that the definition of the Tp^^ operator can be re- formulated in such a way 
that its input and output domains contain multisets instead of sets of atoms (i.e., 
we can consider interpretations which are sets of multisets of atoms). In fact, we 
can always map a multiset to its underlying set, i.e., the set containing the elements 
with multiplicity greater than zero, and, vice versa, a set can be viewed as a multiset 
in which each element has multiplicity equal to one. In the following we will assume 
that Tp^^ is defined on domains containing multisets. As the fixpoint operator for 
LO is defined on the same kind of domains, this will make the comparison between 
the two operators easier. Furthermore, without loss of generality, we will make the 
assumption that in clauses like Ai M . . . y An ^ C1A...A C™, the AiS are all 
distinct and each Cj consist of distinct atoms. This will simplify the embedding of 
DLP clauses into linear logic. The previous definitions can be easily adapted. 

Now, we give a closer look at the formal presentations of DLP and LO. As said in 
the Introduction, we only need to consider a fragment of LO in which connectives 
can not be arbitrarily nested in goals, like in DLP. This fragment can be described 
by the following grammar: 



H 
D 

G 



Al ^ ... ^ A„ 
= H G I D & D 



Hi& ... & H„ I T 

where A^ is an atomic formula. The comparison between the two languages is 
based on the idea that, to some extent, linear connectives, i.e., additive conjunction 
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& and multiplicative disjunction should behave like classical conjunction A and 
classical disjunction V. Actually, classical connectives give rise to a fixpoint seman- 
tics for DLP which is a proper abstraction of the semantics for LO. The translation 
between linear and classical connectives is given via the following mapping [•] : 

[F V G] = \F] 2S \G] , [F A Gl = \F] & \G] , [F ^ G] = [F] [G] , [tt] = T- 

In order to make the comparison between DLP and LO more direct, it is possible 
to present DLP by means of the following grammar: 

H Ai V ... V A„ 

D ::= H ^ G I D A D 

G ::= Hi A . . . A H„ | tt 

where A^ is an atomic formula. A DLP program P is now a D-clause, whereas 
DLP goals are represented (modulo '^') as G-formulas. Here, we have introduced 
an explicit constant tt for true and we have written unit clauses (i.e., with empty 
body) with the syntax yli V . . . V An <~ tt. With these conventions, the grammars 
for LO and DLP given above are exactly the same modulo the translation [•] . 
The definitions concerning the operational and fixpoint semantics for DLP given 
previously can be adapted in a straightforward manner. The reader can also note 
that by definition of DLP program, the image of [■] returns a class of LO programs 
where both the head and the disjuncts in the body have no repeated occurrences 
of the same atom. 

We conclude this section by specializing our fixpoint semantics for LO, given in 
Section 1^, to the simpler fragment presented above. We give the following definition 
for the Tp operator: 

Definition 9.6 {Tp operator) 

Given an LO program P and an interpretation /, the operator Tp is defined as 
follows: 

T'p°{I) = + (Ci .....C„) I Fc^ ... &i?„ e P, Vi = l,...,n, A +C, G /} 
U \ Hc^T eP} 

The operator Tp is monotonic and continuous over the lattice of Herbrand inter- 
pretations (ordered w.r.t. C). Thus, the fixpoint semantics of an LO-program P is 
defined as 

u 

F'p° = □ T|°T. • 

2 = 

A completeness result similar to that of Section ^, stating the equivalence between 
the operational and fixpoint semantics, obviously holds for the fragment of LO 
considered here. 

10 DLP as Abstraction of LO 



The fixpoint semantics of LO allows us to investigate in more depth the relationships 
between LO and DLP. For this purpose, we can employ the mathematical tools 
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provided by abstract interpretation (Cousot & Cousot, 1977), and in particular the 
notion of completeness (Cousot & Cousot, 1977; Giacobazzi & Ranzato, 1997) that 
quahfies the precision of an abstraction. Informally, the comparison between LO and 
DLP fixpoint semantics is based on the abstraction that maps multisets into sets 
of atomic formulas (positive clauses). This abstraction induces a Galois connection 
between the semantic domains of DLP and LO. We prove that the fixpoint semantics 
of the translation of an LO program in DLP is a correct abstraction of the fixpoint 
semantics of the original LO program. Furthermore, we show that this abstraction 
is not fully complete with respect to LO semantics. In a fully complete abstraction 
the result of interleaving the application of the abstract fixpoint operator with the 
abstraction a coincides with the abstraction of the concrete fixpoint operator. For 
a complete abstraction, a similar relation holds for fixpoints, i.e., the fixpoint of the 
abstract operator coincides with the abstraction of the fixpoint of the concrete one. 
We isolate an interesting class of LO programs for which we show that the property 
of completeness holds. In particular, completeness holds if we forbid conjunctions 
in the body of clauses. The resulting class of LO programs is still very interesting, 
as it can be used to encode Petri Nets. 

Abstract Interpretation (Cousot & Cousot, 1977; Cousot fc Cousot, 1979| ) is a 
classical framework for semantics approximation which is used for the construction 
of semantics-based program analysis algorithms. Given a semantics and an ab- 
straction of the language constructors and standard data, abstract interpretation 
determines an abstract representation of the language which is, by construction, 
sound with respect to the standard semantics. This new representation enables the 
calculation of the abstract semantics in finite time, although it implies some loss of 
precision. We recall here some key concepts in abstract interpretation, which the 
reader can find in ( Cousot fc Cousot, 1977| ; Cousot fc Cousot, 1979| ; Giacobazzi fc 
Ranzato, 1997|) . 



Given a concrete semantics (C, Tp), specified by a concrete domain (complete 
lattice) C and a (monotone) fixpoint operator Tp : C —>^ C, the abstract semantics 
can be specified by an abstract domain A and an abstract fixpoint operator Tp . 
In this context, program semantics is given by lfp{Tp), and its abstraction is 
lfp{Tf). The concrete and abstract semantics S = (C, Tp) and S* = {A, Tf) 
are related by a Galois connection (a, C, ^,7), where a : C ^ A and 7 : ^ — » 
C are called abstraction and concretization functions, respectively. 5'^ is called 
a sound abstraction of S if for aU P, a{lfp{Tp)) <a lfp{T*). This condition 
is implied by the strongest property of full soundness^ which requires that a o 
Tp <A Tp o a. The notions of completeness and full completeness are dual with 
respect to those of soundness. Namely, 5'^ is a (fully) complete abstraction of S 
if for all P, {T* o a <A a o Tp) lfp{T*) <a a{lfp{Tp)). Often, the notion of 
completeness is assumed to include soundness (i.e., we impose '=' in the previous 
equations). It is well-known (Cousot fc Cousot, 197E) that the abstract domain 
A induces a best correct approximation of Tp, which is given by a o Tp o 7, and 
that it is possible to define a (fully) complete abstract operator Tp if and only 
if the best correct approximation is (fully) complete. It can be proved that for 
a fixed concrete semantics, (full) completeness of an abstract interpretation only 
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depends on the choice of the abstract domain. The problem of achieving a (fully) 
complete abstract interpretation starting from a correct one, by either refining or 



simplifying the abstract domain, is studied in (Giacobazzi & Ranzato, 1997). We 
conclude by observing that an equivalent presentation of abstract interpretation is 
based on closure operators ( pousot fc Cousot, 1979 ), i.e. functions from a concrete 



domain C to itself which are monotone, idempotent and extensive. This approach 
provides independence from specific representations of abstract domain's objects 
(the abstract domain is given by the image, i.e., the set of fixpoints, of the closure 
operator). 

We are now in the position of connecting the LO (concrete) semantics with the 
DLP (abstract) semantics. We define the abstract interpretation as a closure oper- 



ator on the lattice I, the domain of LO interpretations of Definition 5.1. In fact, 
as mentioned before, we can consider disjunctive interpretations as a subclass of 2 
(i.e., all sets in 2). We recall that in 2 the ordering of interpretations is defined as 
follows: / C J iff for all i? G / there exists A J such that ^ is a sub-multiset of 
B (i.e., for disjunctive interpretations, A C B). We give the following definitions. 

Definition 10.1 {Abstract Interpretation from LO to DLP) 

The abstract interpretation is defined by the closure operator a -.2 2 such that 
for every I E 2, a{I) = {ct{A) \ A G 2}, where for a given multiset A, a{A) is 
the multiset such that for every i = l,...,7i, OcCa(^j{-){ai) = if Occ^{ai) — 0, 
OcCa(A){0'i) = 1 otherwise (i.e., we abstract a multiset with the corresponding set). 

Definition 10.2 {Abstract semantics) 

The abstract fixpoint semantics is given by lfp{Tp), where the abstract fixpoint 
operator xf is defined as (a o Tp). 



According to (Cousot & Cousot, 1979), ao Tp is the best correct approximation of 
the concrete fixpoint operator Tp , for the fixed abstraction a. The abstraction a, 
as said before, transforms multisets into sets by forgetting multiple occurrences of 
atoms. It is not difficult to convince ourselves that Tp is indeed the Tp^ operator 
for disjunctive logic programs, provided that, as discussed in Section^, we consider 
Tp^ defined over domains containing multisets instead of sets (actually, we are 
identifying Tp^ input domain with the abstract domain which is given by the set 
of fixpoints, i.e., the image, of the closure operator a). The operations • {least 
upper bound of multisets) and -I- (multiset union) used in the definition of Tp 
are interchangeable (because of the subsequent application of the operator a) and 
correspond to set (multiset) union in the definition of Tp^ . We have the following 
results. 



Proposition 10 {DLP is an abstraction of LO) 

For every DLP program P and disjunctive (hence LO) interpretation /, Tp^{I) — 
Proof 

By definitions. □ 
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Proposition 11 {DLP is a correct abstraction of LO) 

For every LO program P, the abstract semantics is a fully sound abstraction of the 
concrete semantics, that is, for every interpretation /, a{Tp{I)) □ Tp{a{I))- 

Proof 

As = a o Tp and / C «(/), the proposition follows by monotonicity of Tp. 
□ 

The previous result implies soundness, i.e. a {lfp{T^p°)) □ lfp{T*). The strong 
property of full completeness does not hold for the abstraction. To see why, take as 
a counterexample the single clause a o— b and the interpretation / with the single 
multiset {&, b}. Then, a{T]?{I)) = {{a, &}}, T*{a{I)) = {{a}}, and T*{a{I)) % 
a(Ti?(/)). 

We conclude this section showing that the abstraction is complete for the subclass 
of LO programs whose clauses contain at most one conjunct in the body. We will 
address some applications of this result in Section |ll|. 

(Note: the abstraction not being fully complete has a counterpart in the fact that 
in general /i > 1 in the following lemma, i.e., more than one step of Tp is necessary 
to simulate one step of Tp ).) 

Lemma 5 

Let P be an LO program in which every clause has at most one conjunct in the 
body (i.e., conjunction is forbidden), and /, J two interpretations. If / ^ ol{J) then 
there exists a natural number h such that a{Tp{I)) C a(Tp°t/i (•^))- 

Proof 

Suppose / C a(J) and A G a(rj?(/)). Then there exists M G rj?(/) s.t. A = 
a{A!). By definition of Tp , there exists a clause H o- D £ P (the case for unit 
clauses is trivial) s.t. D + C £ I and A' — H + C. As I \I- a{J), we also have 
D + C £ a{J), which implies that there exists K. £ J s.t. D + C — a{IC). Let 
p = min{n \ IC ^ (D -\- C)"} (it is immediate to prove that such a p exists), and 
let M = {D +C)P. We have that IC 4 M, therefore M G J (because /C G J and 
J is upward-closed). Now, M = D + {C + {D + C)^"^) G J, and, by definition 
of T]S {H ^ D e P), H + C + [D + Cy-^ G T]S{J). By repeatedly applying 
Tj? (the proof is by induction on p) we get (H + Cy G Tj? tp {J)- Therefore 
A=a{H + C) = a{{H + Cy) G a(Tj?Tp {J))- □ 

Proposition 12 

Let P be an LO program in which every clause has at most one conjunct in the 
body Then a{lfp{T]?)) = lfp{T*). 

Proof 

By a simple induction, using Lemma ^, we have that for every k there exists h s.t. 
T*]k^ a{T]?]h). Therefore lfp{T*) C a{lfp{T]?)). □ 

The class of LO programs with one conjunct in the body is still very interesting. 
Below, we show how this result could be exploited to study reachability problems 
in Petri Nets. 



34 



M. Bozzano, G. Delzanno and M. Martelli 



11 Other Applications: Relation with Petri Nets 

As shown in the proof of Proposition ^ the class of propositional LO programs 
with one conjunct in the body is equivalent to VAS, i.e., to Petri Nets. Intuitively, 
a multiset rewriting rule can be used to describe the effect of firing a Petri Net 
transition. For instance, the clause a-^b^bo-c'^c can be interpreted as the 
Petri Net transition that removes one token from place a, two tokens from place &, 
and adds two tokens to place c. As a consequence, a (possibly infinite) execution 
(sequence of goals Gq, Gi, . . .) of a restricted LO program denotes an execution 
of the corresponding Petri Net. The initial goal Go can be viewed as the initial 
marking of the Petri Net. Consider now the fact F = c o~ T, and let Go be the 
goal a ^ a ^ &. Then, the sequent P U F ^ Go is provable in LO if and only 
if there exists a reachable marking having at least one token in place c. In other 
words, the fact F can be used to implicitly represent an infinite set of markings 
(its upward closure) of the corresponding Petri Net. Our bottom- up semantics can 
be use to effectively compute the set Pre*{F) (using the terminology of (AbduUa 
|et al, 199^ )) of markings that can reach a marking in the denotation of F . 

This idea can be used to verify safety properties of concurrent systems. A safety 
property S can be viewed as a set of good states (markings) of a given concurrent 
system (Petri Net). The system satisfies the property if the set of states that are 
reachable from the initial state Go are all contained in S. Symmetrically, the set -^S 
represents the set of bad states. Thus, the systems can be proved correct by showing 
that Pre*{^S) does not contain the initial state Go, i.e., by applying the bottom-up 
algorithm starting from a fact denoting -iS. It is interesting to note that in many 
real examples is indeed an upward closed set of states (e.g. the set of states 
where there are at ieast two processes in the critical section are the the typical bad 
states of a mutual exclusion algorithm). In general, the complexity of computing 
Pre*{F), for some F, can be very high. However, the results of Section |l^ show 
that the fixpoint semantics of DLP can be used to approximate the set Pre*{F). 
Completeness implies that all properties that are preserved by the abstraction can 
be checked equivalently over the concrete and the abstract domain. In our setting 
the kind of properties that satisfy this requirement can be informally characterized 
as 'at least one'-properties (e.g. is there at least one token in place P in a reachable 
marking?). This kind of properties can be used to check 'mutual exclusion' for a 
concurrent system represented via a Petri Net. Suppose we want to prove that 
a system ensures mutual exclusion for two processes represented via a Petri Net. 
Process pi is in the critical section whenever a token is in a special place csi for 
i : 1,2. Violations of mutual exclusion are expressed as the set of states with at 
ieast one token in place csi and one token in state CS2 . Thus, the fixpoint semantics 
of the DLP program obtained as translation of the Petri Net (LO program) union 
the fact csi V cs2 is an abstraction of the set of backward reachable states. We 
obtain a full-test for mutual exclusion properties, whenever the initial states can be 
expressed again as at least one properties (i.e., whenever membership of the initial 
states in the set of abstract reachable states can be determined exactly) . 
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12 Related Works 

Our work is inspired to the general decidability results for infinite-state systems 



based on the theory of well-quasi orderings given in (AbduUa ct al, f996; Finkel 



fc Schnocbelcn, 2001 ). In fact, the construction of the least fixpoint of Sp and Sp 
can be viewed as an instance of the backward reachability algorithm for transition 
systems presented in (AbduUa et al, 1996|). Differently from ( AbduUa ct al, 1996 



Finkel & Schnocbelcn. 2001), we need to add special rules (via the satisfiability 



relation Ih) to handle formulas with the connectives & , T and 1. 

Other sources of inspiration come from linear logic programming. In (Harland & 
Winikoff, 1998| ), the authors present an abstract deductive system for the bottom- 
up evaluation of linear logic programs. The left introduction rules plus weakening 
and cut are used to compute the logical consequences of a given formula. The 
satisfiability relations we use in the definition of the fixpoint operators correspond 
to top-down steps within their bottom-up evaluation scheme. The framework is 
given for a more general fragment than LO. However, they do not provide an 
effective fixpoint operator as we did in the case of LO and LOi, and they do not 
discuss computability issues for the resulting derivability relation. 



In (Andrcoli ct al, 1997), Andreoli, Pareschi and Castagnctti present a partial 



evaluation scheme for propositional LO (i.c without 1). Given an initial goal G, they 



use a construction similar to Karp and Miller's coverability tree (Karp & Miller 



1969| ) for Petri Nets to build a finite representation of a proof tree for G. During 
the top-down construction of the graph for G, they apply in fact a generalization 
step that works as follows. If a goal, say B, that has to be proved is subsumed 
by a node already visited, say A, (i.e., B = A + A'), then the part of proof tree 
between the two goals is replaced by a proof tree for A + {A')*; A + {A')* is a 
finite representation of the union of A with the closure of A' . They use Dickson's 
Lemma to show that the construction always terminates. In the case of LO, the 
main difference with our approach is that we give a goal independent bottom-up 
algorithm. Technically, another difference is that in our fixpoint semantics we do 
not need any generalization step. In fact, in our setting the computation starts 
directly from (a representation of) upward-closed sets of contexts. This simplifies 
the computation as shown in Example^ (we only need to test Finally, differently 



from (Andrcoli ct al., 1997), in this paper we have given also a formal semantics 



for the extension of LO with the constant 1. 



The partial evaluation scheme of (Andreoli ct al, 1997) is aimed at compile-time 



optimizations of abstractions of LinLog programs. Another example of analysis of 
concurrent languages based on linear logic is given in ( Kobayashi et al, 1995| ) , where 



the authors present a type inference procedure that returns an approximation of 
the number of messages exchanged by HACL processes. 



In (Cervesato, 1995) Cervesato shows how to encode Petri Nets in LO, LoUi and 
Forum by exploiting the different features of these languages. We used some of these 
ideas to prove Proposition |6[ 

Finally, we have discussed the similarities between our semantics and the bottom- 
up semantics for Disjunctive Logic Programming of Minker, Rajasekar and Lobo 
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(Minkcr et al., 1991). In a disjunctive logic program, the head of a clause is a 
disjunction of atomic formulas, whereas the body is a conjunction of atomic formu- 
las. In the semantics of (Minker et al, 1991) interpretations are collections of sets 
(disjunctions) of atomic formulas. Only minimal (w.r.t. set inclusion) sets are kept 
at each fixpoint iteration. In contrast, in our setting we need to consider collec- 
tions of multisets of formulas. Therefore, in the prepositional case in order to prove 
the convergence of the fixpoint iteration, we need an argument (Dickson's lemma) 
stronger than the finiteness of the extended Herbrand base of ( Minker et al., 1991 ) 
(collection of all minimal sets). 



13 Conclusions and Future Work 



In this paper we have defined a bottom-up semantics for the fragment of LinLog 



(Andrcoli, 1992) consisting of the language LO (Andreoli & Pareschi, 1991) en- 
riched with the constant 1. In the propositional case, we have shown that without 
1 the fixpoint semantics is finitely computable. Our fixpoint operator is defined 
over constraints and gives us an effective way to evaluate bottom-up (abstractions 
of) linear logic programs. To conclude, let us discuss the directions of research that 
we find more promising. 

Linear Logic Programming. It would be interesting to extend the techniques we 
presented in this paper to larger fragments of linear logic. In particular, it would 



be interesting to define a bottom- up evaluation for languages like Lolli (Hodas 



Miller, 1994) and Lygon (Harland & Pym, 1994), and to study techniques for first- 
order formulation for all these languages. An extension of the present framework to 



the first-order case should also take into account the so-called S-semantics ( Falaschi 
|et al, 1992 ; Bossi et al, 1994), in order to model observables like computed answer 



substitutions and to cope with issues like compositional semantics. Concerning LO, 
we would also like to look at the connection with the so-called Chemical Abstract 



Machine metaphor (Andrcoli et al, 1993) 



Verification. In (Delzanno & Podelski, 1999), the authors show that properties of 
concurrent systems expressed in temporal logic can be defined in terms of fixpoint 
semantics of a logic program that encodes the transition system of a concurrent sys- 



tem. In (Delzanno & Podelski, 1999), synchronization between processes is achieved 
via shared variables, whereas in linear logic synchronization can be expressed via 
multiple headed clauses. Thus, our semantics might be a first step towards the ex- 



tension of the metaphor of (Delzanno & Podelski, 1999) to concurrent systems in 
which synchronization is expressed at the logical level (see Section ^l|). The other 
way round, through the connection between semantics and verification, techniques 



used for infinite-state systems with integer variables (see e.g. ( Delzanno fc Podel 



1999| ; [Bultan et al, 1997| ; [Hcnzinger et al, 1997| )) can be re-used in order to 
compute a static analysis of linear logic programs. 

Proof Tlieory. The connection we establish in this paper indicates a potential con- 



nection between the general decidability results for infinite-state systems of (Ab- 
[duUa et al, 1996 ; Finkel & Schnoebelen, 2001) and provability in sub-structural 
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logics like LO and afEne linear logic ( Kopylov, 1995| ). Viewing the provability rela- 
tion as a transition relation, it might be possible to find a notion of well-structured 



proof system (paraphrasing the notion of well-structured transition systems of ( Ab- 



duUa et al, 1996| ; Finkel & Schnocbelen, 2001)), i.e., a general notion of provability 



that ensures the termination of the bottom-up generation of valid formulas. 

Relations between DLP and LO. We hope that our study will give rise to new ideas 
for the analysis of LO programs. As an example, it could be interesting to study 
weak notions of negation for LO that are based on the negation of DLP. Moreover, 
we can use DLP operational and fixpoint semantics to analyze Petri Nets, given 
that the abstraction is complete in this case. Finally, there are still some open 
questions concerning the relation between DLP and LO in the setting of abstract 
interpretation. In particular, we would like to study the notion of completeness for 



the general class of LO programs (we remark that the example in (Bozzano et al. 



2000b ) showing incompleteness was wrong) . We would also like to analyze in more 



detail the connection between the notion of (full) completeness of the abstraction 
and proof-theoretic properties of provability in sub-structural logics, which has been 
only partly addressed in (Bozzano et al, 2000b). 
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